ID de Prueba:	1.3.6.1.4.1.25623.1.0.58904
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2007:0358
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2007:0358. SquirrelMail is a standards-based webmail package written in PHP4. Several HTML filtering bugs were discovered in SquirrelMail. An attacker could inject arbitrary JavaScript leading to cross-site scripting attacks by sending an e-mail viewed by a user within SquirrelMail. (CVE-2007-1262) Squirrelmail did not sufficiently check arguments to IMG tags in HTML e-mail messages. This could be exploited by an attacker by sending arbitrary e-mail messages on behalf of a squirrelmail user tricked into opening a maliciously crafted HTML e-mail message. (CVE-2007-2589) Users of SquirrelMail should upgrade to this erratum package, which contains a backported patch to correct these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2007-0358.html http://www.squirrelmail.org/security/issue/2007-05-09 http://www.redhat.com/security/updates/classification/#moderate Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2007-1262 http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html BugTraq ID: 23910 http://www.securityfocus.com/bid/23910 BugTraq ID: 25159 http://www.securityfocus.com/bid/25159 Debian Security Information: DSA-1290 (Google Search) http://www.debian.org/security/2007/dsa-1290 http://jvn.jp/en/jp/JVN09157962/index.html http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-000398.html http://www.mandriva.com/security/advisories?name=MDKSA-2007:106 http://osvdb.org/35887 http://osvdb.org/35888 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11712 RedHat Security Advisories: RHSA-2007:0358 https://rhn.redhat.com/errata/RHSA-2007-0358.html http://www.securitytracker.com/id?1018033 http://secunia.com/advisories/25200 http://secunia.com/advisories/25236 http://secunia.com/advisories/25320 http://secunia.com/advisories/25690 http://secunia.com/advisories/25787 http://secunia.com/advisories/26235 SuSE Security Announcement: SUSE-SR:2007:013 (Google Search) http://www.novell.com/linux/security/advisories/2007_13_sr.html http://www.vupen.com/english/advisories/2007/1748 http://www.vupen.com/english/advisories/2007/2732 Common Vulnerability Exposure (CVE) ID: CVE-2007-2589 http://osvdb.org/35889 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11448 XForce ISS Database: squirrelmail-multiple-scripts-csrf(34219) https://exchange.xforce.ibmcloud.com/vulnerabilities/34219
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.